CVE-2013-5649

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 50.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Juniper IVE OS
Timeline
PublishedSep 13
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDjuniper/ive_os4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-rxgq-chfj-7ccx: Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 72022-05-17
CVEList
CVE-2013-5649: Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 72013-09-13

📋Vendor Advisories

1
Juniper
CVE-2013-5649: Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 befo2013-09-13
CVE-2013-5649 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io